Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PEAP Configuration with IOS versus vmWorks

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

Hi

I have a Cisco Aironet 350 Series Wireless LAN Adapter running Ver 8.3.10 Firmware Along with ACU 6.0 we have it working on PEAP to a AP 350 running vmWorks ver 12.01T. However when we tried an AP 1100 Series running IOS we are unsuccessful. The AP1100 is configured as per the configuration guide.

Any suggestions?

Here is the AP 1100 config.

aaa new-model

!

!

aaa group server radius rad_eap

server 10.12.1.135 auth-port 1645 acct-port 1646

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

server 10.12.1.135 auth-port 1645 acct-port 1646

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization ipmobile default group rad_pmip

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

ip subnet-zero

!

ip ssh time-out 120

ip ssh authentication-retries 3

dot11 holdoff-time 600

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

encryption key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxx transmit-key

encryption mode wep mandatory

!

broadcast-key change 300

!

ssid tsunami

authentication open eap eap_methods

authentication network-eap eap_methods

accounting acct_methods

guest-mode

!

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

rts threshold 2312

station-role root

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.12.0.246 255.255.252.0

no ip route-cache

!

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

ip radius source-interface BVI1

radius-server host 10.12.1.135 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxxxxxxxx

radius-server retransmit 3

radius-server attribute 32 include-in-access-req format %h

radius-server vsa send accounting

bridge 1 route ip

3 REPLIES
Cisco Employee

Re: PEAP Configuration with IOS versus vmWorks

Nothing jumps out as wrong your best bet is to use the debugs

You have added the 1100 as a NAS in the radius server ? shared keys etc are right ?

On the radius server debugs what do you see ?

On the ap try

debug dot11 aaa process

debug dot11 aaa rxdata

New Member

Re: PEAP Configuration with IOS versus vmWorks

I think you need to configure your key in slot 2. this is from WEP Key restrictions for WPA -- Table 9-1 in the IOS software configuration guide...

New Member

Re: PEAP Configuration with IOS versus vmWorks

Change your config as follows:

ssid tsunami

authentication open eap eap_methods

authentication network-eap eap_methods <-TAKE OUT

accounting acct_methods

guest-mode

The following link is a good guide to setting up PEAP.

http://www.missl.cs.umd.edu/Projects/wireless/8021x/

290
Views
0
Helpful
3
Replies
CreatePlease to create content